Abstract In the United States, Congress decided after the 2000 Presidential elections that the old, punch card voting system was prone to error and had to be replaced with an electronic, computer-based, touchscreen system. The author of the paper examines this decision and its implementation and points out some of the problems and dangers arising from a move to purely electronic voting systems. Some of the problems noted include the following: electronic voting has no paper record of the individual's vote, computer systems and software designed for the system proved to be flawed and highly prone to system crashes and finally, insufficient governmental supervision of the companies charged with developing and manufacturing the system.
From the Paper "The truly audacious aspect of this lack of a paper trail with touch-screen voting is that the other machines created by Diebold and their ilk DO have 'paper trails.' Ask yourself: would you use an ATM that didn't dispense a receipt informing you of your balance, so you could be made aware immediately of a bank computer error? Would you use your credit card at a store that did not give you a receipt, so you could check to see if you had been overcharged? Of course not--you would shift to another bank or use another store. But this act of faith was exactly what Diebold was expected of American voters. And voters in states like Georgia that only use electronic voting cannot move their votes, like consumers can move their dollars, to a more reliable venue."
Tags: electorate congress voters, punch card, computertouchscreensecuritymodernizeethicssoftware democratic
Abstract This paper reviews excerpts of a letter sent to Mike Leavitt, US Secretary of Health and Human Services, on behalf of organizations participating in the Consumer Coalition for Health Privacy. The letter concerns a lost, or perhaps stolen, laptop computer. The paper discusses compromised health information as a result of storing this information in an information technology medium. The paper goes on to discuss how problems are arising in the health industry as a result of information technology that may cause a breach in ethical protocols and undermine the confidence of patients in the health profession.
From the Paper "In the same manner trust is structured in the form of policies, information assets - especially medical information - must be guided by policies that determine storage, archiving and access. Medical records in paper based forms are becoming extinct and being replace by digitally stored data. Further, some medical files and records are stored on cards with smart chips carried by patients on their persons that in the event of emergencies, health professionals attending to the ailing patient can easily load the smart card in a reading device and have instant access to the patient's medical history. The digitally stored medical information nowadays are also available online - a doctor in Cincinnati can access (provided authority is given that doctor) a patient's medical record in a database in Seattle or a hospital in Kansas can schedule a San Francisco patient for medical procedures once they get access from the patient's San Francisco medical records."
Abstract This paper discusses the software development life-cycle (SDLC) in terms of integrating security design and architecture into the process. The proposal is made that the more refined personal software process (PSP) methodology can be infused into the SDLC in tandem with a quality program that will ensure both an individual and organizational attention to security design and implementation is made throughout the SDLC.
From the Paper "The rapid and ubiquitous spread of computing and networking technology that is interconnected with internet and web-based platforms have made security the single most important dimension of software design and development. Industry analysts have observed that, "The threat is enormous...70% of business security vulnerabilities are at the application layer. This is compounded by 64% of in-house business software developers admitting they lack confidence that they can write secure applications" (Green, 2006, para.3). Clearly, effective applications are within the competency range of most software developers and designers but appropriate security solutions are often left unaddressed through either ignorance or oversight."
Abstract This paper begins with a discussion on network security in general. It then explores hardware, software and people-related vulnerabilities associated with network security. In conclusion it researches solutions namely, firewalls, embedded security and risk management.
From the Paper "Network security in the 21st century has become much more complex than ever before. New types and sources of network security threats always on high speed internet connections wireless ..."
Abstract This paper describes an effective computer audit security policy that will allow companies to track computer use of their employees. The paper suggests that this policy is of major importance to large and small businesses, as it presents employees with a clear picture of what activities are appropriate and inappropriate, and gives auditors a means of monitoring all computer systems. This paper addresses the need for policy implementation, and discusses the process of setting up the system, including possible risks and liabilities.
From the Paper "As the business world becomes more and more dependent on technology, more and more companies are providing all of their employees with Internet connections, opening up a world of new opportunities and benefits, as well as a slew of new problems. One of the biggest drawbacks to increased Internet connectivity is misuse of the Internet, which many managers refer to as the "World Wide Waste" (Palmgren, 2003)."
Abstract This paper reviews and discusses various recent cyber-security breaches in the USA. The paper discusses each event, the method used to breach the cyber-security and the response. The paper focuses primarily on the case of Moonlight Maze, one of the most infamous cyber-attacks which occurred in the late 1990s.
From the Paper "The hackers were apparently working from a location in Russia, though this could not be definitively established due to the nature of the infiltration. All that is known for certain is that the hack into Department of Defense computers had been going on for more than a year and that it is entirely unclear how much information was made off with during that time. This is due in part to the fact that in addition to raiding information directly from the Pentagon, the hackers also used that point of entry to enter other sensitive systems throughout the US government. These included networks at nuclear research labs associated with the Energy Department, NASA, and numerous university research facilities (Drogin, 1999). Investigators reiterate that the attackers obtained no known classified information, but the general uncertainty surrounding Moonlight Maze makes this claim dubious at best."
Tags: infiltrations, sensitive, cyber-attack, computer, system, security, breach, hacker, russia
Abstract This paper discusses computer viruses, computersoftware programs that interfere with the smooth running of a computer's OS and hardware and are designed to replicate and hide themselves to avoid detection. A virus' main goal is to infect and replicate on as many other systems as possible causing as much damage in the process such as erasing hard disks or deleting vital files that run certain software programs. It presents information that gives users who do not have much experience in this area of network security an introductory overview of what malicious software is and how it works. It examines three main areas of importance, the definition of a virus, types of viruses and virus protection. Trojans and Worms are also covered.
From the Paper "Viruses are programs and must be executed to become activated. This is done by double clicking on the email attachment or the setup .exe or .com executables for software programs. In one instance as of late the author has seen the W32.Funlove virus spread through a downloaded screensaver for his favorite college football team. The virus was hidden behind the executable and activated when the screen saver was installed. Viruses, in an infected executable file, modifies the original program to point to the virus code and launch that code along with its own. Most of the time the process is to jump to the virus code first, execute it, then go back to the original code."
Tags: information, internet, malicious, network, security, software, systems
Abstract The paper explains that the rapid spread of computing and networking technology has made security the single most important dimension of software design and development. The paper discusses solution strategies as well as threats and ethical implications vis-a-vis security and privacy concerns within the IT industry. The paper concludes that encryption of organizational data should be considered in all instances.
From the Paper "The rapid and ubiquitous spread of computing and networking technology that is interconnected with internet and web-based platforms has made security the single most important dimension of software design and development. Industry analysts have observed that, "The threat is enormous...70% of business security vulnerabilities are at the application layer. This is compounded by 64% of in-house business software developers admitting they lack confidence that they can write secure applications" (Green par.3). Clearly, effective applications are within the competency range of most software developers and designers but appropriate security solutions are often left unaddressed through either ignorance or oversight. Even the National Institute of Standards and Technology believes there is a definitive need for better integration of security issues in the overall software development process which might be considered the root source of security issues."
Abstract This paper examines computersecurity as a critical factor for the success of any corporation. The degree of crimes that can occur through computers and through the Internet are examined to prove just how serious the issue at hand is. Installing the appropriate securitysoftware on the network is costly, but the paper proves that considering the cost of having a hacker access the corporation's plans, financial records, and/or the credit card numbers of customers, it is well worth the price.
From the Paper "Cyberterorrism, information warfare, and economic espionage are looked into to prove the disasters that could be awaiting corporations and governemnts worldwide. Cyberspace is the latest arena for crime; and hacking is one of those crimes. Several examples are given, as well as "a group of hackers testified before Congress stating that better security is needed because a sophisticated hacker could disable the global network in less than 30 minutes and keep it that way for days. A Swedish hacker jammed the 911 emergency phone system in Florida. A Russian hacker transferred $3.7 million from Citibank in New York to numerous accounts around the world. Teenage hackers broke into the Pentagon's computer system and took software that is used to track military satellites. A hacker altered phone switches so that calls placed to a phone-sex line in New York were routed to a Florida county probation department""
Tags: technology, firewalls, hackers, cyberterrorism, security, crime, internet
Abstract The risk assessment process is becoming increasingly important, but it has assumed enormously complex dimensions at the same time. Risk assessment has reached a new level of importance in the Information Age. The growth of sophisticated networked information systems and distributed computing has created a potentially dangerous environment for private and public organizations. This paper examines these issues and provides an analysis of popular risk assessment applications. An original comparison table is provided.
Chapter One: Introduction
Statement of Hypothesis, Research Problem, or Statement of the Purpose
Outline of Thesis/Project
Chapter Two: Methodology/Layout or Reason
Chapter Three: Literature Review
Industrial Settings and Software Business Credit Settings and Software Primary Software Secondary Software Risk Assessment Software for Credit Applications
Accounts Receivable Processing (ARP) Company
Advisa, Inc.
C/LECT Consulting, Inc.
Competix
Credit & Management Systems, Inc.
Dun & Bradstreet
eCredible, Ltd.
eCredit.com
Experian
GETPAID Corporation
I-many, Inc. (formerly ChiCor, Inc.)
Magnum Communications, Ltd.
9ci, Inc.
NMC Technologies, Inc.
Risk Assessment in Financial Institutions
Selected Banking Risk Management Software Chapter Four: Pros and Cons
Chapter Five: Findings
Establish the Context
Identify Situations that Have Risk Implications
Analyze and Assess Risk
Design Response Strategies
Implement and Integrate
Measure, Monitor and Report
Chapter Six: Conclusion and Recommendations
Works Cited
From the Paper "Risk assessment has reached a new level of importance in the Information Age. The growth of sophisticated networked information systems and distributed computing has created a potentially dangerous environment for private and public organizations. "Critical data -- such as from trade secrets, proprietary information, troop movements, sensitive medical records and financial transactions -- flows through these systems" (Hammond 1999:69). Consequently, organizations are becoming increasingly concerned with potential exposure and are looking for ways to evaluate their organization's security profile today. Risk assessment software applications systems allow researchers, managers and others to perform "what if" analyses of the value of their information and various threats and vulnerabilities. For instance, risk assessment software systems such as NetSolar by Cisco, use both passive analysis and active probing methods to identify security vulnerabilities, which may increase the efficiency of vulnerability identification and reduce false-positive results. Hamilton reports that these technical assessments can differentiate between infrastructure devices (routers, switches, or firewalls) and host devices (user workstations or servers such as e-mail servers and Web servers). "Technical vulnerability tools can find vulnerabilities in network TCP/IP hosts, UNIX hosts, Windows NT hosts, Web servers, mail servers, FTP servers, firewalls, routers and switches" (Hamilton 1999:69)."
Abstract There can be little question that software engineers today are expected not only to produce programs that are accessible and efficacious but also programs that will protect the privacy and security of ordinary citizens in an age of computer hacking and online surveillance. With this in mind this paper explores what computer programmers must do to protect the online identities of clients and businesses as well as to protect organizations more generally from fraud systems compromise and information extraction by hostile parties.
Abstract This paper investigates how to properly secure a home PC and discusses why such security is needed. It claims that securing a home computer with the installation of software that protects the PC from spy ware, worms and viruses is essential. The author warns that parents must be aware that online dangers exist. The paper explains that securing the home PC is necessary because it ensures that personal information does not get into the wrong hands.
Table of Contents:
Introduction
How to Properly Secure a Home PC and Why a Home PC Needs to be Secured Conclusion
References
From the Paper "The main and most prevalent way of securing a Home PC is through the use of Security Software. Security Software often includes items such as Spyware detection/removal, firewalls, Spam protection and worm/virus protection. All of these things are needed to ensure that a home computer is secure against these threats. Over the next few paragraphs we will discuss in more detail how to protect Home PC's against Spyware, firewalls, Spam protection and worms and viruses as these or the most common threats. We will also discuss Securing PC's against internet predators and blocking questionable sites (parental controls)."
Abstract This paper looks at some of the different methods that computer hackers use when trying to access different networks. The paper gives a detailed background on computers, terminology and some of the damage that can be done by hackers. It also looks at the characteristics of hackers, security systems, passwords and encryption. The author uses a case study to illustrate how to hack into a computer system.
From the Paper "Most people tend to think of computers and all of the data that is stored within them as confidential because they are physically situated within a private space (usually a business or a house) and their use is formally restricted to a limited number of users. We know that the computers are a part of the work space or a part of a house and we see this physical positioning of them as being a proxy for the confidentiality of the information that is stored within them. While this does have important legal implications, it does not in fact have a great deal of practical value. The computer sitting on your desk in your cubicle connects you via that phone line to hackers in Russia and China with nothing better to do than to find out exactly what information you might be in possession of that might be useful for them."
Abstract Adequate security is now accepted as a basic requirement for every e-commerce or networked system. This applies to all the underlying components - the LAN, Firewall, Routers, Internet and so on. The paper shows that as the surge of online consumers continues, e-commerce security is drawing more and more attention from businesses and consumers alike. But one issue, the security of proprietary information sent over the internet, keeps getting in the way. In expanding access to e-commerce solutions, organizations increase their risk of exposing vital corporate information to external parties. The paper shows that such viruses and hacker tools are available around the world virtually instantaneously via the Web. Viral detection software can find and eliminate computer viruses. However, even when one problem is addressed, companies cannot get too comfortable, because safe today does not mean safe tomorrow.
From the Paper "The security problems of the future will be the same as those of the present: management of complexity. Software systems suffer security problems because they are complex, large, and difficult to program; a single flaw can give an attacker a foothold into an otherwise very strong system. Good design and a solid security foundation can provide multiple levels of protection, and reduce the risk of a system being completely compromised. Future electronic commerce systems will require correct interoperation among end points, browsers, servers, firewalls, and other network devices that haven't been invented yet. As the number of cooperating agents increases, the chances that everything will perform correctly decreases."
Abstract In this article, the writer notes that information technology is a requirement in today's competitive business environment. The writer points out that the use of computers and the Internet has become an indispensable part of the modern workplace that enables tasks to be done and improves productivity. The writer maintains that an unprecedented interplay of technological, demographic and global economic forces is shaping the nature of work in America and redefining the American workplace and the role of its workers. In this regard, the writer relates that organizations must ensure that the workforce is technologically savvy to the extent needed for them to do their jobs with the help of information technologies. The writer concludes that more improvements will be made as technology improves and better facilities will enable optimum learning for each individual employee.
From the Paper "The training program can be divided into three parts: Basic Concepts of Information Technology, Information Technology and the Business, and Information Security and Information Technology Today. Part One introduces the employees to the basic computer concepts, basic information systems security and introduction to the Internet, the World Wide Web and Electronic Commerce. After the basics, Part Two takes a more in-depth look at information systems in the organization, the management of information resources, business process reengineering, and knowledge, change and project management. Part Three of the seminar concentrates on risk analysis, business continuity planning and disaster recovery planning. Issues, hypes, trends in information technology with case studies and open forum constitute the remainder of the training program and synergize the whole learning process in information technology."
